28,767 research outputs found

    Hackers, Users, Information Security


    From cyber-security deception to manipulation and gratification through gamification

    Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed: a couple of years ago the cyber-security industry only blamed users for their mistakes, often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition "in control" and therefore a cyber-security asset. Researchers have focused on the gamification of cyber-security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anomalies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomware, clearly showing the technical "know-how" of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be considered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind, enabling researchers to gather data on the techniques and practices of hackers.
To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised host contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine

    POTC model for Safe and Secure Cyber Communication as well as Transactions

    We are currently living in an age where the use of the Internet has become second nature to millions of people. Not only businesses but all types of organizations depend on the Internet. More and more home users are taking advantage of the huge benefits of the Internet. However, this dependency and use of the Internet bring new and dangerous risks. This is due to increasing attempts from unauthorised third parties to compromise private information for their own benefit – the whole wide area of cyber crime. Cyber crime also increases where there is unawareness of online fraud and risks. Therefore it is essential that all users understand the risks of using the Internet, the importance of securing their personal information and the consequences if it is not used properly. Hackers target home users due to this vulnerability. Due to improper development of website security and loopholes, hackers can easily take advantage. This paper specifies current frauds and proposes a POTC model, which provides guidelines to home users as well as developers. The POTC model proposes a way to improve information security awareness among home users and developers by presenting some information security steps

    Undergraduates Perception of Informal Personal Learning Environments: Affordances for Self-regulated Learning

    Mental Models, informal representations of reality, provide an appealing explanation for the apparently non-rational decisions of users. Although users may be attempting to make secure decisions, the use of incomplete or incorrect information security mental models as a shortcut to decision making may lead to undesirable results. We describe mental models of Viruses and Hackers drawing on data from a survey of 609 adult computer users and link these to security behaviours and perceptions. We find that there are potentially just a small number of common security beliefs and suggest that accommodating these mental models during security design may be more beneficial to long-term security than expecting users to change to accommodate security requirements

    Security Assessment for Zenbo Robot Using Drozer and mobSF Frameworks

    These days, almost everyone relies entirely on mobile devices and mobile-related applications running on the Android Operating System, the most used mobile operating system in the world with the largest market share. These mobile devices and applications can become an information goldmine for hackers and are considered one of the significant concerns facing mobile users, who stand a chance of being victimized during a data breach by hackers due to lapses in information security and controls. Such a challenge can be laid bare through systematic digital forensic analysis and penetration testing of a humanoid robot like Zenbo, which runs Android OS and related applications, to help identify associated security vulnerabilities and develop the controls required to improve security, using popular penetration testing tools such as Drozer, Mobile Application Security framework (mobSF), and AndroBugs with the help of the Santoku Linux distribution

    Novel Approach for Control Data Theft Attack in Cloud Computing

    Information security is a major problem faced by cloud computing around the world. Because of their adverse effects on organizational information systems, viruses, hackers, and insider attackers can jeopardize organizations' capabilities to pursue their undertakings effectively. Although technology-based solutions help to mitigate some of the many problems of information security, even the preeminent technology can’t work successfully unless effective human-computer communication occurs. IT experts, users and administrators all play a crucial role in determining whether the behavior that occurs as people interact with information technology will support the maintenance of effective security or threaten it. In the present paper we try to apply behavioral science concepts and techniques to understanding problems of information security in organizations

    Foreword

    Privacy and technology issues tend to implicate one another.  Sometimes they reinforce each other, such as when improved data security thwarts hackers.  But often the use of technology diminishes privacy because, in order to benefit from the technology, users must surrender some personal, otherwise private information.  In such cases the technology may be powerful, profitable, fun, or convenient, but the privacy consequences of its use can be quite profound

    The Computer Misuse Act 1990 to support vulnerability research? Proposal for a defence for hacking as a strategy in the fight against cybercrime.

    Despite the recent push towards security by design, most software and hardware on the market still include numerous vulnerabilities, i.e. flaws or weaknesses whose discovery and exploitation by criminal hackers compromise the security of the networked and information systems, affecting millions of users, as acknowledged by the 2016 UK Government in its Cybersecurity Strategy. Conversely, when security researchers find and timely disclose vulnerabilities to vendors who supply the IT products or who provide a service dependent on the IT products, they increase the opportunities for vendors to remove the vulnerabilities and close the security gap. They thus significantly contribute to the fight against cybercrime and, more widely, to the management of the digital security risk. However, in 2015, the European Network and Information Security Agency concluded that the threat of prosecution under EU and US computer misuse legislation ‘can have a chilling effect’, with security researchers ‘discentivise[d]’ to find vulnerabilities. Taking stock of the significant, but substantially understudied, criminal law challenges that these security researchers face in the UK when working independently, without the vendors’ prior authorisation, this paper proposes a new defence to the offences under the Computer Misuse Act, an innovative solution to be built in light of both the scientific literature on vulnerability research and the exemption proposals envisaged prior to the Computer Misuse Act 1990. This paper argues that a defence would allow security researchers, if prosecuted, to demonstrate that, contrary to criminal hackers, they acted in the public interest and proportionally